Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHPMaster.com:
Baking Cookies in PHP
Jul 26, 2012 @ 08:07:09

On PHPMaster.com there's a new tutorial about working with cookies in PHP applications - an introductory look at what they are, how to set them and how to read their values.

Have you ever wondered that in spite of HTTP being a stateless protocol, when you log in to a website and buy stuff and checkout how the server can identify you uniquely? You might wonder if HTTP is stateless but your state is maintained through your interactions, isn’t this a contradiction? Welcome to world of cookies (not the ones which we can eat, btw :)), one the of primary ways to maintain user state and interaction between the web browser and the web server.

She shares a lifecycle of a common cookie and describes the parts of the setcookie method (parameters). There's also a few code examples showing how to read and write to them as well as update their values/expirations.

tagged: cookie tutorial introduction setcookie

Link:

Brian Moon's Blog:
PHP session cookie refresh
May 14, 2008 @ 12:51:02

Brian Moon has posted a tip (and a bit of code) he's worked up to help make a users cookies last a bit longer than they were originally designed to:

When you start a session, if the user had no cookie, they get a new session id and they get a cookie. You can configure that cookie to last for n seconds via php.ini or session_cookie_set_params(). But, and this is a HUGE but for me, that cookie will expire in n seconds no matter what.

His method provides a way to extend the life of the cookies currently set for the domain by changing the time to live through a series of ini_get calls wrapped in a setcookie() call.

tagged: cookie session refesh timetolive setcookie iniset

Link:

PHP-Learn-It.com:
Cooking Cookies with PHP
Sep 10, 2007 @ 15:10:52

On PHP-Learn-It.com today, there's a new tutorial looking to get you, the budding PHP developer, into working with cookies in PHP.

A cookie is often used to store data which can be used to identify a user, for example, person's username. [...] In this tutorial, we will learn how to write, read and delete cookies in PHP.

They show how to create the cookie (with set_cookie) - both one that will timeout when the browser closes and one that stays after - how to read the value from them and how to remove them by setting the data in the past.

tagged: cookie setcookie create delete read tutorial beginner cookie setcookie create delete read tutorial beginner

Link:

PHP-Learn-It.com:
Cooking Cookies with PHP
Sep 10, 2007 @ 15:10:52

On PHP-Learn-It.com today, there's a new tutorial looking to get you, the budding PHP developer, into working with cookies in PHP.

A cookie is often used to store data which can be used to identify a user, for example, person's username. [...] In this tutorial, we will learn how to write, read and delete cookies in PHP.

They show how to create the cookie (with set_cookie) - both one that will timeout when the browser closes and one that stays after - how to read the value from them and how to remove them by setting the data in the past.

tagged: cookie setcookie create delete read tutorial beginner cookie setcookie create delete read tutorial beginner

Link:

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
Aug 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

tagged: cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session

Link:

Ilia Alshanetsky's Blog:
httpOnly cookie flag support in PHP 5.2
Aug 11, 2006 @ 07:20:14

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

tagged: cookie support httponly javascript setcookie setrawcookie session cookie support httponly javascript setcookie setrawcookie session

Link: